SDSM:Pending Changes: Difference between revisions

This document consists of multiple parts; for a directory to all of the parts, see SDSM:Index.

Description

This part of the SDS Modernization (SDSM) document enumerates a not necessarily exhaustive list of pending changes or improvements that were made to SDS, made by Darren Duncan if by whom is not otherwise specified.

It is similar to the Historical Changes part but that it describes work which was prepared and published in a Git branch but it was deemed premature to merge it to the trunk, such as due to a desire for more testing first, or because it was possibly unfinished; in contrast, Historical is for work that was merged to trunk.

RETURN

SDS Laravel: Fixes to Broken Behavior

2024 May 20: Timeout Feature Broken In Sub-Directory Hosted Apps

SDS Laravel has a security feature such that if a user is inactive for a period of time, 15 minutes typically, they will be automatically logged out of the app. The app displays a countdown timer on the top right hand corner of the screen that ticks for every second of activity. Javascript code running in the client web browser will normally reset the countdown to the full amount whenever a user interface (UI) event occurs that it considers continued user activity, such as mouse movement over the screen.

This feature is implemented partly by the web client invoking the /session endpoint on the server.

That invocation fails on any SDS Laravel app instance that is hosted at a web address which is a sub-directory of the base url (meaning it is based at an address like https://foo.com/bar rather than at an address like just https://foo.com). This is because the web client is trying to unconditionally treat every app instance as if it is hosted directly at the base url with respect to its attempts to invoke the /session endpoint, and so it is invoking the wrong web address for instances that are at sub-directory urls.

As a result, for broken app instances, while the first UI activity indicating continued user activity will reset the countdown timer displayed on screen to the user, all subsequent UI activity will have no effect on the timer, and it will not reset, and the server will not be aware of this activity. Only a full page load like clicking a link to a new page will register as activity and reset the timer.

This breakage affects all SDS Laravel instances at https://sdsdev.smus.ca which are in sub-directories.

The primary change of this task fixes the problem by making the web client respect the actual location of the app when invoking /session. Mainly it is a 1-line change in the Laravel Blade template file resources/views/layouts/main.blade.php to use url: '{{route('session')}}' rather than url: '/session'.

An additional change of this task is to fix a problem where the app's background image doesn't display for the same underlying reason. The problem is that the web client is trying to load the image public/images/body.png from the wrong location. The fix updates 1 line in the CSS file public/css/smus_custom.css to background: url('../images/body.png') from background: url('/images/body.png'); the newly-relative url is relative to the location of the CSS file itself.

There is still additional broken behavior related to static asset loading like the background image example, affecting custom fonts for example, but these references are in the generated file public/css/app.css as parts of third-party dependencies, and so these were left alone.

SDS Laravel: Internal Design Changes

2024 May 7: Replace model attrs "dates" with "casts"

Laravel supported a "dates" model attribute through version 9, and then Laravel 10 removed it. The function of this was to enumerate database/model fields that were supposed to be automatically converted to Carbon DateTime objects; so under Laravel 8, any "dates" declarations would be respected, while under Laravel 10 they would be ignored.

Compare:

• https://laravel.com/api/9.x/Illuminate/Database/Eloquent/Concerns/HasAttributes.html
• https://laravel.com/api/10.x/Illuminate/Database/Eloquent/Concerns/HasAttributes.html

As a result, simply upgrading SDS Laravel from Laravel 8 to 10 resulted in many parts of the app breaking in various ways including when simply visiting the post-login home screen, as PHP died with errors like Call to a member function format() on int.

To fix this, any instances of protected $dates = ['x',...] in model classes were replaced with protected $casts = ['x'=>'datetime',...] which was the more modern way to get the same functionality, which exists in both Laravel 8 and 10. For the few model classes that already had other $casts declarations, the replacements were merged with those.

The changes of this task were not merged to trunk yet because it was deemed important to give each instance of the changed 51 model classes more thorough testing before merging than they had received as of 2024 May 7. One key reason for this is the idea that the fields in question might not all be date+time, and rather may be date-only or time-only. All SDS Laravel screens accessible from a main menu item were found to load and at a glance seemed to display correctly, with these changes included, but that is as far as any testing went as of 2024 May 7. (There are 2 such screens that didn't load, but they didn't load prior to these changes either, and that is a separate concern.)

As of 2024 May 7, the changes of this task have been bundled with the changes of the task upgrading SDS Laravel from Laravel 8 to 10, so the sum changes would receive the necessary thorough testing together before being merged to trunk. However, since the changes of this task do not depend on the upgrade, it is possible that a subset of them may be fully tested and merged sooner when other changes using the same models occur.

RETURN

SDS Laravel: Changes to Third-Party Dependencies

2024 May 16: Stop requiring laravel-eloquent-uuid

SDS Laravel uses serially generated integers in most of its database tables for their primary key fields, but for a small number of tables it instead uses generated UUIDs for their primary key fields.

Prior to the performance of this task, the third-party PHP library dependency goldspecdigital/laravel-eloquent-uuid version v8.0.1 was used to empower such UUID use, since Laravel Eloquent itself did not support these prior to version 9.3. While we can make use of equivalent functionality built-in to Laravel once we upgrade to Laravel 10, we can't while we are on Laravel 8.

Fundamentally, the feature in question that we use is summed up by a single very small PHP trait defined in a single file of a few dozen lines of code. This is the case both for the goldspecdigital version used prior to this task and the Laravel built-in that can be used later.

Here is a description of the built-in feature in Laravel 9.3+:

https://laravel.com/docs/11.x/eloquent#uuid-and-ulid-keys

Regardless of which of these options is used, most of core UUID-specific functionality is provided by the third-party PHP library ramsey/uuid, and Laravel 8+ itself already has this as its own dependency for other reasons.

The primary change of this current task is to clone the single PHP file from goldspecdigital that we actually use into SDS Laravel itself, as the new file app/Models/Traits/Uuid.php, and to update composer.json to remove the explicit external dependency on goldspecdigital/laravel-eloquent-uuid. In the process, the fully-qualified PHP trait name was renamed to App\Models\Traits\Uuid from GoldSpecDigital\LaravelEloquentUUID\Database\Eloquent\Uuid, but it had no other changes of any kind.

The only 5 other app PHP source files that directly used it were updated to account for the new name:

• app/Models/Application/Application.php
• app/Models/User.php
• app/Models/User/Student.php
• app/Models/User/Teacher.php
• app/Models/User/UserContract.php

These further 3 files also referenced the trait but commented out, so not current users but possible past or future users:

• app/Models/Application/AppUser.php
• app/Models/User/Address.php
• app/Models/User/Guardian.php

Another change made by this current task was to delete the single PHP file app/Models/Traits/Uuids.php as it appeared to be unused.

Note that goldspecdigital/laravel-eloquent-uuid had a newer version 10.x that was explicitly compatible with Laravel 10, however a source comparison of the 2 versions found that they were actually identical in every way aside from adding a half dozen PHP type annotations in the source code and changing the composer.json to require Laravel 10 instead of 8. As such, it was actually the Uuid.php file from version 10 cloned by this task rather than the one from version 8, so we benefitted from the added PHP type annotations, and the behavior should be identical.

The net effect of this task was to maintain exactly the same app behavior while dropping a hard external dependency, this reducing our overall complexity and simplifying the later task of upgrading to Laravel 10.

It is expected that the future upgrade to Laravel 10 will take the next step and remove this cloned trait file, and its users will use the Larvel 10 built-in instead.

RETURN

2024 May 3: Upgrade Laravel from 8.x to 10.x

This task updated composer.json to require the latest PHP-8.1-compatible major version of the PHP library dependency Laravel from 8.x to 10.x.

To be more specific, it made these dependency changes:

• barryvdh/laravel-debugbar (^3.7 to ^3.13.5)
• directorytree/ldaprecord-laravel (^2.7.3 unchanged but upgrade exists)
• etern8ty/beanstream (dev-master unchanged but upgrade exists)
• fakerphp/faker (^1.23.1 unchanged)
• fideloper/proxy (^4.4.2 removed as Laravel has its upgrade built-in)
• goldspecdigital/laravel-eloquent-uuid (^8.0.1 to ^10.0)
• guzzlehttp/guzzle (^7.8.1 unchanged)
• intervention/image (^2.7.2 unchanged but upgrade exists)
• juliomotol/laravel-auth-timeout (^3.1.1 to ^4.1)
• lab404/laravel-impersonate (^1.7.5)
• laravel/framework (^8.83.27 to ^10.48.10)
• laravel/helpers (^1.7 unchanged but possibly no longer needed)
• laravel/pint (^1.15.3 added but not yet used)
• laravel/sail (^1.29.1 added but not yet used)
• laravel/sanctum (^3.3.3 added but not yet used)
• laravel/tinker (^2.9 unchanged)
• laravel/ui (^3.4.6 to 4.5.1)
• mockery/mockery (^1.6.11 unchanged)
• nunomaduro/collision (^5.11 to ^7.10)
• phpunit/phpunit (^10.5.20 unchanged)
• spatie/laravel-ignition (^1.6.4 to ^2.7)
• staudenmeir/eloquent-has-many-deep (^1.14.4 to ^1.19.3)

Note that juliomotol/laravel-auth-timeout version 4.1 requires Laravel version 9 or greater so it can not be upgraded from 3.1.1 prior to the Laravel 10 upgrade.

This task also updated app/Http/Middleware/TrustProxies.php to be compatible with the replacement of fideloper/proxy with a Laravel built-in. The changes were in 2 spots.

First was this substitution:

   use Fideloper\Proxy\TrustProxies as Middleware;

   use Illuminate\Http\Middleware\TrustProxies as Middleware;

Second was this substitution:

   protected $headers = Request::HEADER_X_FORWARDED_ALL;

   protected $headers =
       Request::HEADER_X_FORWARDED_FOR |
       Request::HEADER_X_FORWARDED_HOST |
       Request::HEADER_X_FORWARDED_PORT |
       Request::HEADER_X_FORWARDED_PROTO |
       Request::HEADER_X_FORWARDED_AWS_ELB;

This task also updated app/Http/Middleware/AuthTimeoutMiddleware.php to be compatible with the juliomotol/laravel-auth-timeout upgrade.

There was this 1 substitution:

   use JulioMotol\AuthTimeout\Middleware\AuthTimeoutMiddleware as BaseMiddleware;

   use JulioMotol\AuthTimeout\Middlewares\CheckAuthTimeout as BaseMiddleware;

This task also explored upgrades to some other PHP library dependencies but they were excluded due to requiring more substantial code changes for compatibility, and will be returned to later.

RETURN